Attackers are reusing attacks (because they work)
|
|
- Veronica Moore
- 8 years ago
- Views:
Transcription
1 The Problem Attackers are reusing attacks (because they work) Defenders are collecting and/or sharing information, but Often a manual process (copy-paste from a PDF) Different sources provide different levels of context/details/terms Some groups do supply tools/automation, but usually just used in that group 1
2 Solution Standardized Language Structured Threat Information Expression Standardized Exchange Mechanism Trusted Automated Exchange of Indicator Information STIX and TAXII are efforts to enable automated cyber threat information exchange across organization and product boundaries. 2
3 How We Got Here The US Department of Homeland Security (DHS) Tasked with protecting the nation s cyber infrastructure Funded a project to develop standards for threat intelligence expression and sharing Homeland Security Systems Engineering and Development Institute (HS SEDI) A DHS Federally Funded Research and Development Center (FFRDC) operated by the MITRE Corporation DHS tasked HS SEDI with this project The MITRE STIX and TAXII Teams Oversee initial development, operate public resources, moderate community discussion, develop tools, documentation, and utilities, and provide training and guidance to users 3
4 What are STIX and TAXII? STIX is a framework and language for the characterization and communication of cyber threat information TAXII is a set of service and message definitions for securely exchanging cyber threat information NOT a sharing program, database, or tool but supports all of those uses and more They are a set of specifications offered freely to the public Developed with open community feedback Support Clear understandings of cyber threat information Consistent expression of threat information Secure, automated processing based on collected intelligence Advance the state of practice in threat analytics 4
5 STIX Use Cases Cover a Broad Spectrum STIX provides a common mechanism for addressing structured cyber threat information across and among this full range of use cases improving consistency, efficiency, interoperability, and overall situational awareness. 5
6 What is Cyber (Threat) Intelligence? Consider these questions: What activity are we seeing? What threats should I look for on my networks and systems and why? Where has this threat been seen? What does it do? What weaknesses does this threat exploit? What can I do about it? Who is responsible for this threat? Why does it do this? 6
7 STIX Indicator 7
8 What is a cyber observable? A measurable event or stateful property in the cyber domain Some measurable events: a registry key is created, a file is deleted, an http GET is received, Some stateful properties: MD5 hash of a file, value of a registry key, existence of a mutex, Cyber Observable expression (CybOX) is a standardized language for encoding and communicating information about cyber observables ( The MITRE Corporation. All rights reserved
9 CybOX v2.1 Objects Account Address API Archive File ARP Cache Entry Artifact Autonomous System Code Custom Device Disk Disk Partition DNS Query DNS Record DNS Cache Domain Name Message File GUI GUI Dialog Box GUI Window Hostname HTTP Session Image Library Link Linux Package Memory Mutex Network Connection Network Flow Network Packet Network Route Entry Network Route Network Subnet PDF File Pipe Port Process Product Semaphore SMS Socket Socket Address System Unix File Unix Network Route Entry Unix Pipe Unix Process Unix User Account Unix Volume URI URL History User Account User Session Volume Whois Win Computer Account Win Critical Section Win Driver Win Event Win Event Log Win Executable File Win File Win Filemapping Win Handle Win Hook Win Kernel Win Kernel Hook Win Mailslot Win Memory Page Region Win Mutex Win Network Route Entry Win Pipe Win Network Share Win Prefetch Win Process Win Registry Key Win Semaphore Win Service Win System Win System Restore Win Task Win Thread Win User Account Win Volume Win Waitable Timer X509 Certificate (more on the way) 9
10 CybOX Object Memory CybOX Object For generic memory region descriptions 10
11 STIX 1.1 Architecture 11
12 STIX 1.1 Architecture (Possible Subset) 12
13 Expressing Relationships in STIX Infrastructure Backdoor Badurl.com, , Indicator Observables - Subject: Follow- up 13
14 Expressing More Relationships in STIX Infrastructure Bad Guy Backdoor Indicator Badurl.com, , Observables - Subject: Follow- up Exploit Observables RelatedTo Indicator- 985 MD5 hash BankJob23 CERT
15 Part of Mandient s APT 1 in STIX 15
16 STIX and CybOX Today Currently defined by a set of XML Schemas and controlled vocabularies Just the way we chose to define the structure Not intended to represent permanent alignment with XML Current releases: STIX CybOX 2.1 Where possible, use existing structures CIQ for identity and addresses Snort, YARA, etc. for test mechanisms CVRF for vulnerability descriptions Extension points allow inclusion of other structures 16
17 TAXII Use Cases UC1 Allow existing sharing communities to add automation and interoperability without forcing large scale architecture changes UC2 Provide an easy way for new communities to begin sharing Design Philosophy Keep it simple Use existing transport protocols when possible Do not tell people how to arrange their sharing architecture 17
18 18 Flexible Sharing Models TAXII supports a wide variety of sharing models Push or pull delivery On-demand or subscription Subscriber Subscriber Peer D Peer C Subscriber Source Subscriber Source/Subscriber Peer E Peer to Peer Peer A Peer B (Consumer & Producer) (Producer only) Hub and (Consumer only) Hub (Consumer & Producer) 18
19 Key TAXII Features Content agnostic Allow anything; depend on nothing in the payload Data Collections used for content organization Collections can be ordered or unordered Data provider decides what constitutes a collection Support establishing and fulfilling subscriptions Support data pushing and pulling Support network and content-level security Encrypt transport and/or encrypt payloads Extensible bindings to network protocols and message formats Currently define XML messages over HTTP(S) Layered design allows for other options 19
20 20 TAXII Services TAXII defines four services Discovery A way to learn what services an entity supports and how to interact with them Collection Management A way to learn about and request subscriptions to Data Collections Inbox A way to receive pushed content (push messaging) Poll A way to request content (pull messaging) Each service is optional implement only the ones you wish Services can be combined in different ways for different sharing models 20
21 21 Hub & Example Discovery Collect. Manage. Poll Inbox Client Get connection info Pull recent data from the hub 1 Subscribe to data collections Hub Push recent data to a spoke 4 2 Push new data to the hub 3 21
22 22 Hub & Example (2) Discovery Collect. Manage. Poll Inbox Client Get connection info Pull recent data from the hub 1 Subscribe to data collections Hub 4 2 Push new data to the hub Clients do not host services. 22
23 23 Hub & Example (3) Discovery Collect. Manage. Poll Inbox Client 1 Get connection info Subscribe to data collections Hub Hub retains no records. Push recent data to a spoke 2 Push new data to the hub 3 23
24 24 Hub & Example (4) Discovery Collect. Manage. Poll Inbox Client Subscribe by purchasing contract Hub Pull recent data from the hub 4 2 Push new data to the hub Push recent data to a spoke 3 24
25 25 (Not a) Hub & (anymore) Example Discovery Collect. Manage. Poll Inbox Client 1 No Hub (Peer-topeer network) Push new data to peers 25
26 Operational FS-ISAC is currently sharing operational data using STIX/TAXII HP Threat Central (HPTC) uses STIX and TAXII Announcing-HP-Threat-Central-security-intelligence-platform/ba-p/ Microsoft Active Protection Program (MAPP) is developing STIX & TAXII support US-CERT is integrating support for STIX and TAXII for its alerts Lockheed Martin is helping the Open Information Security Foundation (OISF) add STIX & TAXII support to Suricata isgs-cyber-open-source-0508.html 26
27 Some of the organiza_ons contribu_ng to the STIX conversa_on: 27
28 Available Resources STIX, TAXII, and CybOX are actively supported Documentation and tutorials Training sessions Next is May at FIRST in Redmond, WA Active mailing list communities 28
29 Enabling Utilities Python Language bindings for STIX, CybOX, etc. Also includes high-level programmatic APIs for common needs/ activities Conversion utilities from commonly used formats & tools E.g., OpenIOC-to-STIX; others under development STIX Validator Includes validation against STIX Profiles and suggested practices) STIX-to-HTML Turn STIX into human-readable documents Stixviz Simple graphical visualization tool Utilities supporting common use cases _to_CybOX utility supporting phishing analysis & management X.509-to-CybOX utility supports generation of CybOX from an X.509 certificate Libtaxii Python binding for TAXII supports TAXII client development YETI Python/Django web app; Simple implementation of TAXII services 29
30 Summary Standardized Language Structured Threat Information Expression Standardized Exchange Mechanism Trusted Automated Exchange of Indicator Information Make it easier to express, exchange, consume, and correlate cyber threat intelligence Large group of contributing parties Used by real products/communities Supported by an active community and running code 30
31 Next Steps If you are creating or consuming threat intelligence, talk to your vendors about STIX If you are sharing threat intelligence, talk with your community about TAXII If you build tools that create, consume, or exchange cyber threat intelligence, talk to us we can help 31
32 For more information Websites Contains official releases and other info Sign up for the Discussion and Announcement mailing lists Open issues can be discussed on GitHub Related sites
33 Charles Schmidt STIX team TAXII team 33
Sample Usage of TAXII
THE MITRE CORPORATION Sample Usage of TAXII Version 1.0 (draft) Mark Davidson, Charles Schmidt 11/16/2012 The Trusted Automated exchange of Indicator Information (TAXII ) specifies mechanisms for exchanging
More informationThe Third Rail: New Stakeholders Tackle Security Threats and Solutions
SESSION ID: CXO-R03 The Third Rail: New Stakeholders Tackle Security Threats and Solutions Ted Ross Director, Threat Intelligence HP Security Research @tedross Agenda My brief background An example of
More informationCommon Attack Pattern Enumeration and Classification CAPEC A Community Knowledge Resource for Building Secure Software
Common Attack Pattern Enumeration and Classification CAPEC A Community Knowledge Resource for Building Secure Software CAPEC is a publicly available catalog of attack patterns along with a comprehensive
More informationThe MANTIS Framework Cyber-Threat Intelligence Mgmt. for CERTs Siemens AG 2014. All rights reserved
B. Grobauer, S.Berger, J. Göbel, T. Schreck, J. Wallinger Siemens CERT The MANTIS Framework Cyber-Threat Intelligence Mgmt. for CERTs Note MANTIS is available as Open Source under GPL v2+ from https://github.com/siemens/django-mantis
More informationAnatomy of Cyber Threats, Vulnerabilities, and Attacks
Anatomy of Cyber Threats, Vulnerabilities, and Attacks ACTIONABLE THREAT INTELLIGENCE FROM ONTOLOGY-BASED ANALYTICS 1 Anatomy of Cyber Threats, Vulnerabilities, and Attacks Copyright 2015 Recorded Future,
More informationEight Essential Elements for Effective Threat Intelligence Management May 2015
INTRODUCTION The most disruptive change to the IT security industry was ignited February 18, 2013 when a breach response company published the first research that pinned responsibility for Advanced Persistent
More informationSeparating Signal from Noise: Taking Threat Intelligence to the Next Level
SESSION ID: SPO2-T09 Separating Signal from Noise: Taking Threat Intelligence to the Next Level Doron Shiloach X-Force Product Manager IBM @doronshiloach Agenda Threat Intelligence Overview Current Challenges
More informationAfter the Attack: RSA's Security Operations Transformed
After the Attack: RSA's Security Operations Transformed Ben Smith, CISSP RSA Field CTO (East), Security Portfolio Senior Member, ISSA Northern Virginia 1 The Environment ~ 2,000 security devices ~55M security
More informationStandardizing Cyber Threat Intelligence Information with the Structured Threat Information expression (STIX )
THREAT-BASED DEFENSE Standardizing Cyber Threat Intelligence Information with the Structured Threat Information expression (STIX ) 2012. The MITRE Corporation. All rights reserved. IT IS BECOMING INCREASINGLY
More informationWhatsUpGold. v3.0. WhatsConnected User Guide
WhatsUpGold v3.0 WhatsConnected User Guide Contents CHAPTER 1 Welcome to WhatsConnected Finding more information and updates... 2 Sending feedback... 3 CHAPTER 2 Installing and Configuring WhatsConnected
More informationinformation security and its Describe what drives the need for information security.
Computer Information Systems (Forensics Classes) Objectives for Course Challenges CIS 200 Intro to Info Security: Includes managerial and Describe information security and its critical role in business.
More informationThreat Intelligence Buyer s Guide
Threat Intelligence Buyer s Guide SANS CTI Summit, 10 February 2014 Rick Holland @rickhholland Principal Analyst Last year 2014 Forrester Research, Inc. Reproduction Prohibited 2 This year, Arnold s back!!
More informationThe MANTIS Framework Cyber-Threat Intelligence Mgmt. for CERTs Siemens AG 2014. All rights reserved
B. Grobauer, S.Berger, J. Göbel, T. Schreck, J. Wallinger Siemens CERT The MANTIS Framework Cyber-Threat Intelligence Mgmt. for CERTs Open Source solutions for Managing Cyber Threat Intelligence Fall 2012
More informationIntelligence Driven Intrusion Detection
Intelligence Driven Intrusion Detection Matthias Wübbeling: matthias.wuebbeling@cs.uni-bonn.de Arnold Sykosch: sykosch@cs.uni-bonn.de Friedrich-Wilhelms-Universität Bonn: Working Group IT Security Fraunhofer
More informationSecurity Intelligence Services. www.kaspersky.com
Kaspersky Security Intelligence Services. Threat Intelligence Services www.kaspersky.com THREAT INTELLIGENCE SERVICES Tracking, analyzing, interpreting and mitigating constantly evolving IT security threats
More informationHost-based Intrusion Prevention on Windows and UNIX. Dr. Rich Murphey White Oak Labs
Host-based Intrusion Prevention on Windows and UNIX Dr. Rich Murphey White Oak Labs Acknowledgements Niels Provos OpenBSD s systrace DT suggested this thread last year Greg Hoglund insights md5 at da ghettohackers
More informationRSA Security Anatomy of an Attack Lessons learned
RSA Security Anatomy of an Attack Lessons learned Malcolm Dundas Account Executive John Hurley Senior Technology Consultant 1 Agenda Advanced Enterprise/ Threats The RSA Breach A chronology of the attack
More informationMachine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense
Machine-to-Machine Exchange of Cyber Threat Information: a Key to Mature Cyber Defense By: Daniel Harkness, Chris Strasburg, and Scott Pinkerton The Challenge The Internet is an integral part of daily
More informationInstrumentation for Linux Event Log Analysis
Instrumentation for Linux Event Log Analysis Rajarshi Das Linux Technology Center IBM India Software Lab rajarshi@in.ibm.com Hien Q Nguyen Linux Technology Center IBM Beaverton hien@us.ibm.com Abstract
More informationProtecting Your Organisation from Targeted Cyber Intrusion
Protecting Your Organisation from Targeted Cyber Intrusion How the 35 mitigations against targeted cyber intrusion published by Defence Signals Directorate can be implemented on the Microsoft technology
More informationLog Analysis: Overall Issues p. 1 Introduction p. 2 IT Budgets and Results: Leveraging OSS Solutions at Little Cost p. 2 Reporting Security
Foreword p. xvii Log Analysis: Overall Issues p. 1 Introduction p. 2 IT Budgets and Results: Leveraging OSS Solutions at Little Cost p. 2 Reporting Security Information to Management p. 5 Example of an
More informationDeep Security Vulnerability Protection Summary
Deep Security Vulnerability Protection Summary Trend Micro, Incorporated This documents outlines the process behind rules creation and answers common questions about vulnerability coverage for Deep Security
More informationManaged Incident Lightweight Exchange (MILE)
Managed Incident Lightweight Exchange (MILE) Overview and Particpation Kathleen Moriarty Global Lead Security Architect EMC Corporate CTO Office 1 Agenda IETF s Managed Incident Lightweight Exchange (MILE)
More information81% of participants believe the government should share more threat intelligence with the private sector.
Threat Intelligence Sharing & the Government s Role in It Results of a Survey at InfoSec 2015 Section 1 1.1 Executive summary The last few years has seen a rise in awareness regarding security breaches
More informationAutomate the Hunt. Rapid IOC Detection and Remediation WHITE PAPER WP-ATH-032015
Rapid IOC Detection and Remediation WP-ATH-032015 EXECUTIVE SUMMARY In the escalating war that is cyber crime, attackers keep upping their game. Their tools and techniques are both faster and stealthier
More informationSecurity Vulnerability Management. Mark J Cox
Security Vulnerability Management Mark J Cox Responsibility & Accountability Unique challenges Many vendors all ship the same thing The vulnerabilities are there. The fact that somebody in the middle of
More informationThreat Intelligence Sharing in a Connected World
a Cohort plc company Threat Intelligence Sharing in a Connected World Mass Consultants Ltd November 2015 Prepared by: MASS Enterprise House Great North Road Little Paxton St Neots Cambridgeshire PE19 6BN
More informationQuality Over Quantity
Presented by Rod Rasmussen June 16, 2015 FIRST Conference, Berlin Quality Over Quantity CUTTING THROUGH CYBERTHREAT INTELLIGENCE NOISE Rod Rasmussen IID founder, CTO Co-chair Anti- Phishing Working Group
More informationSoltra edge open cyber intelligence platform report
Soltra edge open cyber intelligence platform report Prepared By: Alan Magar Sphyrna Security 340 Ridgeside Farm Drive Kanata, Ontario K2W 0A1 PWGSC Contract Number: W7714-08FE01/001/ST Task 33 CSA: Melanie
More informationConsiderations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.
Considerations In Developing Firewall Selection Criteria Adeptech Systems, Inc. Table of Contents Introduction... 1 Firewall s Function...1 Firewall Selection Considerations... 1 Firewall Types... 2 Packet
More informationThreat Intelligence: An Essential Component of Cyber Incident Response. Jeanie M Larson, CISSP-ISSMP, CISM, CRISC
Threat Intelligence: An Essential Component of Cyber Incident Response Jeanie M Larson, CISSP-ISSMP, CISM, CRISC What are we going to cover? Setting the Stage Why is Incident Response Critical? Cyber Threat
More informationWHEN THE HUNTER BECOMES THE HUNTED HUNTING DOWN BOTNETS USING NETWORK TRAFFIC ANALYSIS
WHEN THE HUNTER BECOMES THE HUNTED HUNTING DOWN BOTNETS USING NETWORK TRAFFIC ANALYSIS /ABOUT/ME Thomas Chopitea - Incident handler @CertSG Digital forensics & incident response (#DFIR), malware analysis,
More informationUnified Security, ATP and more
SYMANTEC Unified Security, ATP and more TAKE THE NEXT STEP Martin Werner PreSales Consultant, Symantec Switzerland AG MEET SWISS INFOSEC! 27.01.2016 Unified Security 2 Symantec Enterprise Security Users
More informationadministrator are Console Users that can log on to the Web Management console and
Q and A Can I control what ObserveIT records? Yes, within the Web Console it is possible to define what the Agent records. By using inclusion or exclusion, you can control many aspects of the recording
More informationSecure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities
Secure Content Automation Protocol (SCAP): How it is increasingly used to automate enterprise security management activities Sean Barnum sbarnum@mitre.org September 2011 Overview What is SCAP? Why SCAP?
More informationNetBrain Security Guidance
NetBrain Security Guidance 1. User Authentication and Authorization 1.1. NetBrain Components NetBrain Enterprise Server includes five components: Customer License Server (CLS), Workspace Server (WSS),
More informationHow to Pop Email to Outlook
Webmail Access How to Pop Email to Outlook You can access your email account through the following URL: http://webmail.usalocalbiz.com. The login is your full email address and your account password. We
More informationGlobalSCAPE DMZ Gateway, v1. User Guide
GlobalSCAPE DMZ Gateway, v1 User Guide GlobalSCAPE, Inc. (GSB) Address: 4500 Lockhill-Selma Road, Suite 150 San Antonio, TX (USA) 78249 Sales: (210) 308-8267 Sales (Toll Free): (800) 290-5054 Technical
More informationDetecting rogue systems
Product Guide Revision A McAfee Rogue System Detection 4.7.1 For use with epolicy Orchestrator 4.6.3-5.0.0 Software Detecting rogue systems Unprotected systems, referred to as rogue systems, are often
More informationDeep Discovery. Technical details
Deep Discovery Technical details Deep Discovery Technologies DETECT Entry point Lateral Movement Exfiltration 360 Approach Network Monitoring Content Inspection Document Emulation Payload Download Behavior
More informationCyber Security Summit 2015
Cyber Security Summit 2015 Threat Intelligence 101: Introduction and Foundations Matthew J. Harmon IT Risk Limited, LLC Matthew J. Harmon IT Risk Limited, Principal Consultant DFIR, Pen Testing, Risk Management,
More informationIntegration of Nagios monitoring tools with IBM's solutions
Integration of Nagios monitoring tools with IBM's solutions Wojciech Kocjan IBM Corporation wojciech.kocjan@pl.ibm.com 1 Agenda Introduction Integration bottlenecks Why open standards? CIM and WBEM Open
More informationINFORMATION SECURITY TRAINING CATALOG (2015)
INFORMATICS AND INFORMATION SECURITY RESEARCH CENTER CYBER SECURITY INSTITUTE INFORMATION SECURITY TRAINING CATALOG (2015) Revision 3.0 2015 TÜBİTAK BİLGEM SGE Siber Güvenlik Enstitüsü P.K. 74, Gebze,
More informationWildFire. Preparing for Modern Network Attacks
WildFire WildFire automatically protects your networks from new and customized malware across a wide range of applications, including malware hidden within SSL-encrypted traffic. WildFire easily extends
More informationOpen Source in Government: Delivering Network Security, Flexibility and Interoperability
W H I T E P A P E R Open Source in Government: Delivering Network Security, Flexibility and Interoperability Uncompromising performance. Unmatched flexibility. Introduction Amid a growing emphasis on transparency
More informationHTTP communication between Symantec Enterprise Vault and Clearwell E- Discovery
Securing HTTP communication between Symantec Enterprise Vault and Clearwell E- Discovery Requesting and Applying an SSL Certificate to secure communication ion from Clearwell E-Discovery to Enterprise
More informationAutomating Linux Malware Analysis Using Limon Sandbox Monnappa K A monnappa22@gmail.com
Automating Linux Malware Analysis Using Limon Sandbox Monnappa K A monnappa22@gmail.com A number of devices are running Linux due to its flexibility and open source nature. This has made Linux platform
More informationFirewall Builder Architecture Overview
Firewall Builder Architecture Overview Vadim Zaliva Vadim Kurland Abstract This document gives brief, high level overview of existing Firewall Builder architecture.
More informationData Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment
White Paper Data Collection and Analysis: Get End-to-End Security with Cisco Connected Analytics for Network Deployment Cisco Connected Analytics for Network Deployment (CAND) is Cisco hosted, subscription-based
More informationFS-ISAC CHARLES BRETZ
FS-ISAC CHARLES BRETZ Information Sharing To be forewarned is to be fore-armed MISSION: Sharing Timely, Relevant, Actionable Cyber and Physical Security Information & Analysis A nonprofit private sector
More informationAcano solution. Security Considerations. August 2015 76-1026-01-E
Acano solution Security Considerations August 2015 76-1026-01-E Contents Contents 1 Introduction... 3 2 Acano Secure Development Lifecycle... 3 3 Acano Security Points... 4 Acano solution: Security Consideration
More informationIndexing Full Packet Capture Data With Flow
Indexing Full Packet Capture Data With Flow FloCon January 2011 Randy Heins Intelligence Systems Division Overview Full packet capture systems can offer a valuable service provided that they are: Retaining
More informationSHARING THREAT INTELLIGENCE ANALYTICS FOR COLLABORATIVE ATTACK ANALYSIS
SHARING THREAT INTELLIGENCE ANALYTICS FOR COLLABORATIVE ATTACK ANALYSIS Samir Saklikar RSA, The Security Division of EMC Session ID: CLE T05 Session Classification: Intermediate Agenda Advanced Targeted
More informationMonitoring SharePoint 2007/2010/2013 Server Using Event Tracker
Monitoring SharePoint 2007/2010/2013 Server Using Event Tracker White Paper Publication Date: June 2012 EventTracker 8815 Centre Park Drive Columbia MD 21045 www.eventtracker.com Overview EventTracker
More informationXerox Mobile Print Cloud
September 2012 702P00860 Xerox Mobile Print Cloud Information Assurance Disclosure 2012 Xerox Corporation. All rights reserved. Xerox and Xerox and Design are trademarks of Xerox Corporation in the United
More informationUsing Network Based Security Systems to Search for STIX and TAXII Based Indicators of Compromise
Interested in learning more about security? SANS Institute InfoSec Reading Room This paper is from the SANS Institute Reading Room site. Reposting is not permitted without express written permission. Using
More informationKnow Your Foe. Threat Infrastructure Analysis Pitfalls
Know Your Foe Threat Infrastructure Analysis Pitfalls Who Are We? Founders of PassiveTotal Analysts/researchers with 10+ years of collective experience Interested in Better UX/UI for security systems Improving/re-thinking
More informationArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young
ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction
More informationProject 4: IP over DNS Due: 11:59 PM, Dec 14, 2015
CS168 Computer Networks Jannotti Project 4: IP over DNS Due: 11:59 PM, Dec 14, 2015 Contents 1 Introduction 1 2 Components 1 2.1 Creating the tunnel..................................... 2 2.2 Using the
More informationNetwork Security Deployment Obligation and Expenditure Report
Network Security Deployment Obligation and Expenditure Report First and Second Quarters, Fiscal Year 2015 June 16, 2015 Fiscal Year 2015 Report to Congress National Protection and Programs Directorate
More informationSymantec Integrated Enforcer for Microsoft DHCP Servers Getting Started Guide
Symantec Integrated Enforcer for Microsoft DHCP Servers Getting Started Guide Legal Notice Copyright 2006 Symantec Corporation. All rights reserved. Federal acquisitions: Commercial Software - Government
More informationThe Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era
The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era Dave Plzak Security Evangelist Sentinel IPS davep@econet.com * Agenda Review of the current Network
More informationIntroduction to Service Oriented Architecture (SOA)
Introduction to Service Oriented Architecture (SOA) Hari Rajagopal Galileo International Hari Rajagopal Introduction to Service Oriented Architecture (SOA) Page 1 Agenda Definitions Background SOA principles
More informationFederated Application Centric Infrastructure (ACI) Fabrics for Dual Data Center Deployments
Federated Application Centric Infrastructure (ACI) Fabrics for Dual Data Center Deployments March 13, 2015 Abstract To provide redundancy and disaster recovery, most organizations deploy multiple data
More informationPATROL Internet Server Manager Technical Brief
PATROL Internet Server Manager Technical Brief Contents Why Manage Web Applications?...1 What Is PATROL?...1 The PATROL Agent...2 PATROL Knowledge Modules...2 The PATROL Console...2 PATROL Internet Server
More informationEmerging Technologies Shaping the Future of Data Warehouses & Business Intelligence
Emerging Technologies Shaping the Future of Data Warehouses & Business Intelligence Service Oriented Architecture SOA and Web Services John O Brien President and Executive Architect Zukeran Technologies
More informationHP ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide
HP ProLiant Essentials Vulnerability and Patch Management Pack Planning Guide Product overview... 3 Vulnerability scanning components... 3 Vulnerability fix and patch components... 3 Checklist... 4 Pre-installation
More informationEnsuring the security of your mobile business intelligence
IBM Software Business Analytics Cognos Business Intelligence Ensuring the security of your mobile business intelligence 2 Ensuring the security of your mobile business intelligence Contents 2 Executive
More informationGOOD GUYS VS BAD GUYS: USING BIG DATA TO COUNTERACT ADVANCED THREATS. Joe Goldberg. Splunk. Session ID: SPO-W09 Session Classification: Intermediate
GOOD GUYS VS BAD GUYS: USING BIG DATA TO COUNTERACT ADVANCED THREATS Joe Goldberg Splunk Session ID: SPO-W09 Session Classification: Intermediate About Me Joe Goldberg Current: Splunk - Security Evangelist
More informationPatch and Vulnerability Management Program
Patch and Vulnerability Management Program What is it? A security practice designed to proactively prevent the exploitation of IT vulnerabilities within an organization To reduce the time and money spent
More informationRedefining SIEM to Real Time Security Intelligence
Redefining SIEM to Real Time Security Intelligence David Osborne Security Architect September 18, 2012 Its not paranoia if they really are out to get you Malware Malicious Insiders Exploited Vulnerabilities
More informationThe Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era
The Role of Threat Intelligence and Layered Security for Intrusion Prevention in the Post-Target Breach Era Ted Gruenloh Director of Operations Sentinel IPS * Agenda! Review of the current Network Security
More informationWildFire Overview. WildFire Administrator s Guide 1. Copyright 2007-2015 Palo Alto Networks
WildFire Overview WildFire provides detection and prevention of zero-day malware using a combination of malware sandboxing and signature-based detection and blocking of malware. WildFire extends the capabilities
More informationFROM INBOX TO ACTION EMAIL AND THREAT INTELLIGENCE:
WHITE PAPER EMAIL AND THREAT INTELLIGENCE: FROM INBOX TO ACTION There is danger in your email box. You know it, and so does everyone else. The term phishing is now part of our daily lexicon, and even if
More informationMonitoring Windows Servers and Applications with GroundWork Monitor Enterprise 6.7. Product Application Guide October 8, 2012
Monitoring Windows Servers and Applications with GroundWork Monitor Enterprise 6.7 Product Application Guide October 8, 2012 Table of Contents Introduction...3 Definitions and Abbreviations...3 GroundWork
More informationSan Jose State University
San Jose State University Fall 2011 CMPE 272: Enterprise Software Overview Project: Date: 5/9/2011 Under guidance of Professor, Rakesh Ranjan Submitted by, Team Titans Jaydeep Patel (007521007) Zankhana
More informationCARRIOTS TECHNICAL PRESENTATION
CARRIOTS TECHNICAL PRESENTATION Alvaro Everlet, CTO alvaro.everlet@carriots.com @aeverlet Oct 2013 CARRIOTS TECHNICAL PRESENTATION 1. WHAT IS CARRIOTS 2. BUILDING AN IOT PROJECT 3. DEVICES 4. PLATFORM
More informationNetwork Payload Analysis for Advanced Persistent Threats Charles Smutz, Lockheed Martin CIRT
Network Payload Analysis for Advanced Persistent Threats Charles Smutz, Lockheed Martin CIRT 0000 7/6/2010 1 About Speaker Name Background Current Job Employer Education Charles Smutz Sysadmin, Networking,
More informationWeb Security School Entrance Exam
Web Security School Entrance Exam By Michael Cobb 1) What is SSL used for? a. Encrypt data as it travels over a network b. Encrypt files located on a Web server c. Encrypt passwords for storage in a database
More informationConcierge SIEM Reporting Overview
Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts
More informationwww.mvatcybernet.com PRODUCT VERSION: LYNC SERVER 2010, LYNC SERVER 2013, WINDOWS SERVER 2008
PRODUCT VERSION: LYNC SERVER 2010, LYNC SERVER 2013, WINDOWS SERVER 2008 With Forefront Threat Management Gateway 2010 now discontinued, we sought a suitable reverse proxy solution that works with Lync
More informationConfiguring SNMP. 2012 Cisco and/or its affiliates. All rights reserved. 1
Configuring SNMP 2012 Cisco and/or its affiliates. All rights reserved. 1 The Simple Network Management Protocol (SNMP) is part of TCP/IP as defined by the IETF. It is used by network management systems
More informationOverview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs
Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks
More informationThreat Intelligence: Friend of the Enterprise
SECURELY ENABLING BUSINESS Threat Intelligence: Friend of the Enterprise Danny Pickens Principal Intelligence Analyst MSS FishNet Security DANNY PICKENS Principal Intelligence Analyst, FishNet Security
More informationE-Commerce Security. The Client-Side Vulnerabilities. Securing the Data Transaction LECTURE 7 (SECURITY)
E-Commerce Security An e-commerce security system has four fronts: LECTURE 7 (SECURITY) Web Client Security Data Transport Security Web Server Security Operating System Security A safe e-commerce system
More informationvsphere Client Hardware Health Monitoring VMware vsphere 4.1
Technical Note vsphere Client Hardware Health Monitoring VMware vsphere 4.1 Purpose of This Document VMware vsphere provides health monitoring data for ESX hardware to support datacenter virtualization.
More informationWebsense Content Gateway HTTPS Configuration
Websense Content Gateway HTTPS Configuration web security data security email security Support Webinars 2010 Websense, Inc. All rights reserved. Webinar Presenter Title: Sr. Tech Support Specialist Cisco
More informationGoogle App Engine. Guido van Rossum Stanford EE380 Colloquium, Nov 5, 2008
Google App Engine Guido van Rossum Stanford EE380 Colloquium, Nov 5, 2008 Google App Engine Does one thing well: running web apps Simple app configuration Scalable Secure 2 App Engine Does One Thing Well
More informationOwner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de
Owner of the content within this article is www.isaserver.org Written by Marc Grote www.it-training-grote.de Microsoft Forefront TMG How to use SQL Server 2008 Express Reporting Services Abstract In this
More information場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR
場 次 :C-3 公 司 名 稱 :RSA, The Security Division of EMC 主 題 : 如 何 應 用 網 路 封 包 分 析 對 付 資 安 威 脅 主 講 人 :Jerry.Huang@rsa.com Sr. Technology Consultant GCR Minimum Requirements of Security Management and Compliance
More informationSANS Top 20 Critical Controls for Effective Cyber Defense
WHITEPAPER SANS Top 20 Critical Controls for Cyber Defense SANS Top 20 Critical Controls for Effective Cyber Defense JANUARY 2014 SANS Top 20 Critical Controls for Effective Cyber Defense Summary In a
More informationSyncThru TM Web Admin Service Administrator Manual
SyncThru TM Web Admin Service Administrator Manual 2007 Samsung Electronics Co., Ltd. All rights reserved. This administrator's guide is provided for information purposes only. All information included
More informationIntroduction into Web Services (WS)
(WS) Adomas Svirskas Agenda Background and the need for WS SOAP the first Internet-ready RPC Basic Web Services Advanced Web Services Case Studies The ebxml framework How do I use/develop Web Services?
More informationComputer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1
Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton
More informationTWO-WAY EMAIL & SMS MESSAGING SMS WEB SERVICE. Product White Paper. Website: www.m-science.com Telephone: 01202 241120 Email: enquiries@m-science.
TWO-WAY EMAIL & SMS MESSAGING SMS WEB SERVICE Product White Paper Website: www.m-science.com Telephone: 01202 241120 Email: enquiries@m-science.com Contents Introduction... 3 Product Components... 3 Web
More informationDeployment Guide AX Series with Active Directory Federation Services 2.0 and Office 365
Deployment Guide AX Series with Active Directory Federation Services 2.0 and Office 365 DG_ADFS20_120907.1 TABLE OF CONTENTS 1 Overview... 4 2 Deployment Guide Overview... 4 3 Deployment Guide Prerequisites...
More informationAutomated Patching. Paul Asadoorian IT Security Specialist Brown University
Automated Patching Paul Asadoorian IT Security Specialist Brown University Outline Automated Patching Introduction Tools from Microsoft Microsoft SUS Microsoft SMS Others HFNetCheck Pro (Shavlik) Novell
More informationBotnet Analysis Leveraging Domain Ratio Analysis Uncovering malicious activity through statistical analysis of web log traffic
The Leader in Cloud Security RESEARCH REPORT Botnet Analysis Leveraging Domain Ratio Analysis Uncovering malicious activity through statistical analysis of web log traffic ABSTRACT Zscaler is a cloud-computing,
More informationThreat Intelligence is Dead. Long Live Threat Intelligence!
SESSION ID: STR-R02 Threat Intelligence is Dead. Long Live Threat Intelligence! Mark Orlando Director of Cyber Operations Foreground Security Background Threat Intelligence is Dead. Long Live Threat Intelligence!
More information